3.5
CVE-2012-1987
- EPSS 0.74%
- Published 29.05.2012 20:55:07
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
Data is provided by the National Vulnerability Database (NVD)
Puppet ≫ Puppet Enterprise Version2.5.0
Puppetlabs ≫ Puppet Version2.7.0
Puppetlabs ≫ Puppet Version2.7.1
Puppet ≫ Puppet Enterprise Version1.2.0
Puppet ≫ Puppet Enterprise Version1.2.1
Puppet ≫ Puppet Enterprise Version1.2.2
Puppet ≫ Puppet Enterprise Version1.2.3
Puppet ≫ Puppet Enterprise Version1.2.4
Puppet ≫ Puppet Enterprise Version2.0.0
Puppet ≫ Puppet Enterprise Version2.0.1
Puppet ≫ Puppet Enterprise Version2.0.2
Puppetlabs ≫ Puppet Enterprise Users Version1.0
Puppetlabs ≫ Puppet Enterprise Users Version1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.74% | 0.718 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:N/A:P
|